The sites all use vulnerable versions of osCommerce, an open source online shop e-commerce solution. Some of the vulnerabilities exploited are old and patched long ago, but the sites have not updated their osCommerce installation. Some of the vulnerabilities (like this one), are quite recent. osCommerce, like a lot of other open source web solutions, is built on PHP and MySQL, each of which have their own vulnerabilities and frequent patches.

Compromised sites have an iframe or remote script call injected into the code they send to users. These install malware on the user's computers. The Armorize blog has instructions for finding and removing the malware from your own web sites.

The browser exploits used to install the malware on client systems include: